Package: unicon-imc2
Version: 3.0.4-11
Severity: grave
Usertags: sourcescan
*** Please type your report below this line ***
CVE-2007-2835 : Allows local root compromise via zhcon.
Anyway, the setuid(0) zhcon application links to this library,
which contains a buffer overflow which may be used to gain root.
(Actually any application using this library can be exploited;
this is the only setuid one I could spot.)
The source of this problem is ./unicon/ImmModules/cce/CCE_pinyin.c:
static int
IMM_Flush ()
{
char name[256];
sprintf(name,"%s/.pyinput/usrphrase.tab",getenv("HOME"));
SaveUsrPhrase(name);
sprintf(name,"%s/.pyinput/sysfrequency.tab",getenv("HOME"));
SavePhraseFrequency(name);
return 1;
}
There are similar problems in the file /unicon/ImmModules/cce/xl_pinyin.c
too.
Steve
--
# Commercial Debian GNU/Linux Support
http://www.linux-administration.org/
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
